Electronic Communications Privacy Act of 1986 (ECPA), 


18 U.S.C. §§ 2510-2523 
Title Ill (the "Wiretap Statute aka 18 USC §2510 to §2523) outlines the 


guidelines regulating ordinary law enforcement surveillance 
https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1285 


Background 


The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are 
commonly referred together as . The 
which addressed interception of conversations 
using "hard felenhonie lines, but did not apply to interception of computer and other digital and 
electronic communications. Several subsequent pieces of legislation, including The USA PATRIOT 
Act, clarify and update the ECPA to keep pace with the evolution of new communications technologies 
and methods, including easing restrictions on law enforcement access to stored communications in 
some cases. 


General Provisions 


The ECPA, as amended, protects wire, oral, and electronic communications while those 
communications are being made, are in transit, and when they are stored on computers. The Act 
applies to email, telephone conversations, and data stored electronically. 


Civil Rights and Civil Liberties 


"The structure of the SCA reflects a series of classifications that indicate the drafters’ judgments about 
what kinds of information implicate greater or lesser privacy interests. For example, the drafters saw 
greater privacy interests in the content of stored emails than in subscriber account information. 
Similarly, the drafters believed that computing services available ‘to the public’ required more strict 
[sic] regulation than services not available to the public...To protect the array of privacy interests 
identified by its drafters, the [Act] offers varying degrees of legal protection depending on the 
perceived importance of the privacy interest involved. Some information can be obtained from 
providers with a subpoena; other information requires a special court order; and still other 
information requires a search warrant. In addition, some types of legal process require notice to 
the subscriber, while other types do not." 


The Act reflects a general approach of providing greater privacy protection for materials in which 
there are greater privacy interests. For a more in-depth analysis, U.S. Dept. of Justice, Searching and 
Seizing Computers and Obtaining Electronic Evidence In Criminal Investigations (2009), pp. 115- 
116, (287pp | 1.01mb | PDF). 


Specific Provisions 


The ECPA has three titles: 


Title | of the ECPA, which is often referred to as the Wiretap Act, prohibits the intentional actual or 
attempted interception, use, disclosure, or "procure[ment] [of] any other person to intercept or 
endeavor to intercept any wire, oral, or electronic communication." Title I also prohibits the use of 
illegally obtained communications as evidence. 18 U.S.C. § 2515.. 


Exceptions. Title I provides exceptions for operators and service providers for uses "in the normal 
course of his employment while engaged in any activity which is a necessary incident to the rendition 
of his service" and for "persons authorized by law to intercept wire, oral, or electronic communications 
or to conduct electronic surveillance, as defined in section 101 of the Foreign Intelligence Surveillance 
Act (FISA) of 1978." 18 U.S.C. § 2511. It provides procedures for Federal, State, and other government 
officers to obtain judicial authorization for intercepting such communications, and regulates the use 
and disclosure of information obtained through authorized wiretapping. 18 U.S.C. §§ 2516-2518. A 
judge may issue a warrant authorizing interception of communications for up to 30 days upon a 
showing of probable cause that the interception will reveal evidence that an individual is committing, 
has committed, or is about to commit a "particular offense" listed in Section 2516. 18 U.S.C. § 2518. 


Title Il of the’ ECPA, which is called the Stored Communications Act (SCA), protects the privacy of 


the contents of files stored by service providers and of records held about the subscriber by service 
providers, such as subscriber name, billing records, or IP addresses. 18 U.S.C. 8§ 2701-12. 


Title Ill of the ECPA, which addresses pen register and trap and trace devices, requires government 
entities to obtain a court order authorizing the installation and use of a pen register (a device that 
captures the dialed numbers and related information to which outgoing calls or communications are 
made by the subject) and/or a trap and trace (a device that captures the numbers and related 
information from which incoming calls and communications coming to the subject have 

originated). 18 U.S.C. §§ 3121 - 3127. No actual communications are intercepted by a pen register or 
trap and trace. The authorization order can be issued on the basis of certification by the applicant that 
the information likely to be obtained is relevant to an ongoing criminal investigation being conducted 
by the applicant’s agency. 


Amendments 


The ECPA was significantly amended by the Communications Assistance to Law Enforcement Act 
(CALEA) in 1994, the USA PATRIOT Act in 2001, the USA PATRIOT reauthorization acts in 2006, and 
the FISA Amendments Act of 2008 (16pp | 303kb | PDF). Other acts have made specific amendments 
of lesser significance. 


Digital Search Warrants 


https://www.iacpcybercenter.org/prosecutors/digital-search-warrants 


A search warrant may be issued to search a computer or electronic media if there is probable cause to 
believe that the media contains or is contraband, evidence of a crime, fruits of crime, or an 
instrumentality of a crime. For more information, see Fed. R. Crim. P. 41(c). 

This section will very briefly address three important issues concerning search warrants for digital 
evidence: particularity, the permissible time period for examining seized electronic devices or storage 
media, and the retention of seized data. 


Particularity 


Search warrants must particularly describe the place to be searched and the things to be seized. 
“When electronic storage media are to be searched because they store information that is evidence of a 
crime, the items to be seized under the warrant should usually focus on the content of the relevant 
files rather than the physical storage media” (Searching and Seizing Computers and Obtaining 
Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal 
Division, U.S. Department of Justice, Washington, D.C (3rd ed 2009) at 72). 


One approach “is to begin with an ‘all records’ description; add limiting language stating the crime, 
the suspects, and relevant time period, if applicable; include explicit examples of the records to be 
seized ; and then indicate that the records may be seized in any form, whether electronic or non- 
electronic” (Id. at 74-77). 


In some jurisdictions, judges or magistrates may impose specific conditions on how the search is to be 
executed or require police to explain how they plan to limit the search before the warrant may be 
granted. 


Permissible Time Period for Examining Seized Electronic Equipment 


Courts have held that, while the Federal Rules of Criminal Procedure require a search warrant be 
executed within 10 days of issuance, the Fourth Amendment only requires the forensic analysis of a 
seized computer or electronic equipment be conducted within a reasonable time. United States v. 
Mutschelkaus, 564 F. Supp. 2d 1072, 1077 (D.N.D. 2008). (“Mutschelknaus contends that the forensic 
analysis of the computer and electronic storage media was in violation of Rule 41(e)(2)(A) of the 
Federal Rules of Criminal Procedure because it was conducted more than ten days after the issuance of 
the search warrant. Rule 41(e)(2)(A) establishes that a search warrant ‘must command the officer 

to execute the warrant within a specified time no longer than 10 days...’ In this case, the computer and 
electronic storage media were seized within the ten (10) day time limit established in the search 
warrant and the forensic analysis took place within the sixty (60) days granted by the magistrate 
judge... [T]he Federal Rules of Criminal Procedure do not require that the forensic analysis of 
computers and other electronic equipment take place within a specific time limit. Any subsequent 
search only needs to be conducted within a reasonable time.”) 


"Whether a delay is unreasonable is determined ‘in light of all the facts and circumstances,’ and on a 
‘case by case basis.” (U.S. v. Mayomi, 384 F.2d 1049, 1054 n.6 (7th Cir. 1989)). 


For example, in U.S. v. Mitchell, 565 F.3d 1347, 1351 (uth Cir. 2009), a 21-day delay in obtaining a search 
warrant for the defendant’s computer after the computer had been seized was held to be unreasonable 
under the circumstances. (The only reason Agent West gave for the twenty-one-day delay in applying 
for a search warrant was that he “didn’t see any urgency of the fact that there needed to bea search 
warrant during the two weeks that [he] was gone,” and that he “felt there was no need to get a search 
warrant for the content of the hard drive until [he] returned back from training.) 


There may be compelling law enforcement reasons for delays, including waiting while a warrant can 
be secured or waiting for the completion of more pressing active investigations that required forensic 
examiner resources. Similarly, complicated forensic analysis because of the volume of files or the 
presence of encryption may provide compelling reasons for delay. 


Unreasonable Retention of Seized Data 


In United States v. Ganias, a panel of the United States Court of Appeals for the Second Circuit 
“consider[ed] . . . whether the Fourth Amendment permits officials executing a warrant for the seizure 
of particular data on a computer to seize and indefinitely retain every file on that computer for use in 
future criminal investigations. We hold that it does not.” See United States v. Ganias, 755 F.3d 125 (2d 
Cir. 2014). The Second Circuit ordered a rehearing en banc and decided “that the Government relied in 
good faith on the 2006 warrant, and that this reliance was objectively reasonable. Accordingly, we 
need not decide whether retention... violated the Fourth Amendment.” However the government 
recognized the complexity of the issue: 


“(T]he Government plausibly argues that, because digital storage media constitute coherent forensic 
objects with contours more complex than—and materially distinct from—file cabinets containing 
interspersed paper documents, a digital storage medium or its forensic copy may need to be retained, 
during the course of an investigation and prosecution, to permit the accurate extraction of the primary 
evidentiary material sought pursuant to the warrant; to secure metadata and other probative evidence 
stored in the interstices of the storage medium; and to preserve, authenticate, and effectively present 
at trial the evidence thus lawfully obtained. To be clear, we do not decide the ultimate merit of 
this argument... Nor do we gainsay the privacy concerns implicated when the government retains a 
hard drive or forensic mirror containing personal information irrelevant to the ongoing investigation, 
even if such information is never viewed.” 


United States v. Ganias, 824 F.3d 199 (2d Cir. 2016) 


Relevant Federal Statutes 


https://www.iacpcybercenter.org/prosecutors/8-2relevant-federal-statutes/ 


There are numerous federal statutes that govern access by law enforcement to electronic information 
that may be sought as part of a criminal investigation. There is significant legal debate in the courts 
about how these laws, none of which contemplated modern smartphones or social media sites, apply 
in the 21st century. Law enforcement and prosecutors will need to comply with state law provisions 
concerning the search and seizure of electronic information if they differ from federal requirements, 
creating additional challenges. A brief description of the dominant statute, Electronic 
Communications Privacy Act (ECPA) is provided, followed by additional provisions and related laws 
that govern the search and seizure of electronic information. 


Electronic Communications Privacy Act (ECPA): 18 U.S.C. §§ 2510-2522 


The Electronic Communications Privacy Act (ECPA) sets forth the standards and processes for law 
enforcement to obtain information about electronic communications. The Act prohibits real-time 
interception or recording of wire, oral, or electronic communications; however, law enforcement may 
obtain a court order to permit the interception and recording of electronic communications, as well as 
oral (physically spoken) and wire (telephone) communications, in specific circumstances. 


Section 2516(2) of the Act describes how a state prosecutor may apply to a state court judge for an 
order authorizing or approving the interception of wire, oral, or electronic communications by 
investigative or law enforcement officers having responsibility for the investigation of the offense, 
“when such interception may provide or has provided evidence of the commission of the offense of 
murder, kidnapping, gambling, robbery, bribery, extortion, or dealing in narcotic drugs, marihuana or 
other dangerous drugs, or other crime dangerous to life, limb, or property, and punishable by 
imprisonment for more than one year, designated in any applicable State statute authorizing such 
interception, or any conspiracy to commit any of the foregoing offenses.” 


e Office of Justice Programs 
summary: https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1285 
e Congressional Research Service summary: https://www.fas.org/sgp/crs/misc/R41733.pdf 


Given the changes in technology that have occurred since ECPA was passed in 1986, it is unsurprising 
that there have been a number of attempts to update it. Information regarding proposed amendments 
to ECPA is available through several sources. The text of proposed amendments to ECPA and the 


history of these bills is available online through the Library of Congress. Additional information about 
the role ECPA plays in criminal investigations and potential reasons why it may need to be updated is 
available through testimony presented at Congressional hearings. Finally, prominent scholars have 
discussed several ways ECPA could be updated. 


e Information regarding proposed legislation can be found 
at: http://thomas.loc.gov/home/thomas.php 

e Congressional testimony from Department of Justice officials regarding potential updates 
to ECPA can be found at: http://www.justice.gov/opa/speech/acting-assistant-attorney- 


general-elana-tyrangiel-testifies-us-house-judiciary 
e Records from the Congressional Hearing concerning potential updated to ECPA can be 


found at: http://fas.org/irp/congress/2013_hr/ecpa.pdf 


e Orin S. Kerr, A User’s Guide to the Stored Communications Act, and a Legislator’s Guide 
to Amending it: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=421860 


Stored Communications Act (“SCA”): 18 U.S.C. §§ 2701-2712 


e The SCA permits law enforcement access to electronic communications (such as email) 
that have been stored for 180 days or less only pursuant to a warrant. 


e Law enforcement may obtain access to the content of electronic communications (such as 
email) that have been stored for more than 180 days without providing notice to the 
subscriber or customer if the state prosecutor has obtained a warrant, administrative 
subpoena, grand jury or trial subpoena. See Section 2703 (a) and (b). However, at least one 
federal circuit court has found that the content of electronic communications is protected 
by the Fourth Amendment and can only be obtained with a search warrant, regardless of 
the length of storage. See United States v. Warshak, 631 F.3d 266 (6th Cir. 2010). 


e Law enforcement may obtain specific records about electronic communications of a 
subscriber or customer with an administrative, grand jury, or trial subpoena. Although the 
content of the electronic communications cannot be obtained, law enforcement may 
obtain name, address, records of sessions, including times and duration, local and long 
distance connection records, length of service and types of services utilized, telephone and 
instrument number or other subscriber number or identity, including any temporarily 
assigned network address, and the means and source of payment, including credit card or 
bank account number. See Section 2703 (c) (2) (a - f). 


e Law enforcement may only obtain historic Cell Site Location Information (CSLI) of a 
subscriber or customer with a traditional search warrant. See Carpenter v. United 
States, 138 S.Ct. 2206 (2018) (recognizing “the deeply revealing nature of CSLI, its depth, 
breadth, and comprehensive reach, and the inescapable and automatic nature of its 
collection” and finding “the fact that such information is gathered by a third party does not 
make it any less deserving of Fourth Amendment protection. 


Pen Register and Trap and Trace (“PR/TT”): 18 U.S.C. §§ 3121-3127 


e PR/TT permits law enforcement to obtain electronic wire and dialing and routing 
information, such as email headers and IP address information. See United States v. 
Forrester, 512 F.3d 500, 510 (gth Cir. 2008) (email to/from addresses and IP addresses 
constitute addressing information). 


e Section 3122 (a) (2) provides, “Unless prohibited by State law, a State investigative or law 
enforcement officer may make application for an order or an extension of an order under 
section 3123 of this title authorizing or approving the installation and use of a pen register 
or a trap and trace device under this chapter, in writing under oath or equivalent 
affirmation, to a court of competent jurisdiction of such State.” 


e Section 3122 (b) (1) and (2) outline what the contents of an application for a trap and trace 
or pen register shall include: 


(1). “the identity of the attorney for the Government or the State law enforcement or 
investigative officer making the application and the identity of the law enforcement 
agency conducting the investigation;” and 


(2). “a certification by the applicant that the information likely to be obtained is 
relevant to an ongoing criminal investigation being conducted by that agency.” 


Privacy Protection Act (“PPA”): 42 U.S.C. §§ 2000aa 


e The PPA prohibits law enforcement from searching or seizing work product from a person 
reasonably believed to publish public communications, like a newspaper, book or 
broadcast. 


A warrant can be obtained for such work product if there is probable cause to believe that the person 
possessing such materials has committed, or is committing, a crime to which the materials relate, or if 
seizure is necessary to prevent death or serious bodily injury, among several other narrow exceptions. 
See 42 U.S.C. 2000aa (a) (1) and (2). 


